Identity & security CLOUDCARD+ When security meets convenience
CLOUDCARD+ When security meets convenience We live in an ever connected world. Digital technology is leading the way to greater mobility and all the challenges and opportunities that this brings. One challenge faced by service providers, whether in the public or private sectors, is establishing trust in their added value online services. For this they need strong online user authentication. But SMS-OTP, today s most universal user authentication, is vulnerable to attacks and no longer inspires confidence among service providers. This means that service providers must integrate even more secure and reliable systems for user authentication. CloudCard+ from Safran Identity & Security is a new generation solution for strong online user authentication. It works anytime, anywhere and through any device. Easy to integrate into service providers existing IT infrastructure, CloudCard+ enables trusted online transactions between users and service providers. Its great strength is the combination of reliable authentication factors based on what users are (their biometrics), what users have (their smartphone) and what only the users know (their PIN code). Furthermore, CloudCard+ offers secure, easy transaction signature, that cannot be repudiated. CloudCard+ is fully adaptable to the policies and needs of service providers. It is delivered in a stand alone configuration or with DACS, Safran s versatile, multi-authentication factors platform. A broad range of applications Logical access control Transaction confirmation Mobile signature Strong Customer Authentication A PROOF OF LIFE
A truly powerful combination With CloudCard+, service providers can combine up to 3 authentication factors, depending on their security policy and their application. Service providers can offer their users convenient and secure means of authentication based on: what users are (their biometrics), what users have (their smartphone) and what only the users know (their PIN code). What users have (their smartphone) Users trust their smartphones because they already hold a lot of private data. Now the smartphone can do more than just text and pictures; it can also act as a trusted device to authenticate its owner. Through a secure process, CloudCard+ registers and binds the smartphone to its user s identity. What users are (their biometrics) No more password to remember! With biometrics the user is the password. Biometrics is the answer to completely reliable user authentication. Biometrics guarantee uniqueness and absolute trust in the user s identity. As easy as a selfie Simply position your face in front of the phone s camera and it s done! CloudCard+ performs liveness detection, automatic face capture and biometric matching. For complete privacy, CloudCard+ encrypts and securely stores your facial biometric authentication factor on your smartphone. As easy as unlocking your phone Just place your finger on the smartphone s sensor, that s all. CloudCard+ relies on the capabilities of the smartphone s embedded fingerprint sensor. CloudCard+ integrates that capability into its architecture to provide strong multi-authentication factors. WHAT ONLY THE USERS KNOW (their PIN code) 9 0 3 7 1 6 5 4 8 2 The PIN code is known only to the user. Additionally, the zero knowledge cryptography protocol ensures that the PIN code is not stored on the smartphone or on the backend. CloudCard+ uses the PIN code as an additional authentication factor. It does this by inviting the user to enter their PIN code through a secured shuffle key board. Furthermore, CloudCard+ uses the PIN code for secure, easy transaction signature, that cannot be repudiated.
A host of benefits A Fully Secured Solution Combination of up to 3 reliable authentication factors Anti-spoofing measures: liveness detection (3D face reconstruction, Challenge/Response), protection against eavesdropping on the biometric reference Safran biometrics inside: our matching algorithms rank with the world s finest, as measured by NIST (the National Institute of Standards and Technology) Secure communication channel with encrypted exchanges, ensuring confidentiality, integrity and anti-replay attack Proof of transaction generated Effective traceability via audit trail Privacy by Design Means of authentication controlled only by the user Zero knowledge cryptography protocol for the PIN Biometric references encrypted and stored on user s device No remote storage of user s identity Highly Efficient No specific hardware required Compatible with major operating systems Zero SMS-OTP and PIN management costs Easy update for end users, via online app stores Ultimate Customer Confidence and User Experience Increased usability and convenience for online authentication Greatly improved user experience with biometrics capture Anytime, anywhere, any device solution, for access to high value services Omni-channel configuration of authentication (in-app and out-of-band) Easily Customized, Easily Integrated Ready to use mobile SDK (with or without GUIs) for easy integration into service provider s specific mobile application Completely generic mobile application for service providers available from Safran via online app stores Modular, scalable architecture compatible with existing IT infrastructure COMPLIANT, CERTIFIED Compliant with PSD2 Regulatory Technical Standards (RTS). PSD2 compliance is a mandatory component for PSPs especially ASPSPs, ensuring strong customer authentication and consumer protection ISO 27001 approved GOV.UK Verify certified
Logical Access Control through biometrics and smartphone authentication factors Cloudcard+ Server Authentication of the end user: Device authentication Biometric matching Access authorization Signature & Encryption of all exchanges Secure communication channel Signature & Encryption of all exchanges End user s smartphone Service Provider App : CloudCard+ Mobile SDK inside On my behalf, please authenticate the user Secure communication channel Service Provider
CloudCard+ in action today Safran Identity & Security supports public and private organizations in their quest for modernization, especially through digital transformation. We provide a broad range of digital trust solutions, all of which are customizable to both the specific needs and the digital strategies of service providers. Here we present two examples of our partnerships, in which the capabilities of CloudCard+ provide significant benefits to large scale digital identity programs. Secure Identity in the UK New government verification service Since May 2016, GOV.UK Verify is the new way for people to access government services online. Secure Identity, powered by Safran Identity and Security, provides identity checking and highly secure authentication. Use of this service is free of charge. Smartphone-based solution, mobile convenience Based on a simple sign-in application Solution as a Service mode delivers a secure trust framework Combination of 2 authentication factors: smartphone app and PIN code Government-grade biometric matching planned for the near future
SECURE PAYMENT SERVICES - PSD2 COMPLIANT Convenient, secure, strong customer authentication The revised EU Payment Services Directive (PSD2) paves the way for strong customer authentication and consumer privacy in secure payment services. Coming into force in January 2018, several major European banks are currently deploying CloudCard+ in anticipation of the directive s requirements. Compliant with the PSD2 Regulatory Technical Standards proposed by the European Bank Authority, CloudCard+ is already adopted by major banks across Europe. CloudCard+ ensures a secure, seamless design offering: Mobile convenience in smartphone-based solutions; A combination of up to 3 independent authentication factors: *What customers have (their smartphone), *What only customers know (their PIN code), *What customers are (their face or fingerprint biometrics). The generation of a unique authentication code that dynamically links the transaction to a specific amount and a specific payee Protection for payment services credentials, both on the smartphone and during the exchange with the backend Combination of up to 3 authentication factors: What you have (smartphone), What you know (PIN code), What you are (face recognition)
Safran Identity & Security 11, boulevard Gallieni 92130 Issy-les-Moulineaux FRANCE Phone: +33 (0)1 58 11 25 00 Fax: +33 (0)1 58 11 25 50 www.safran-identity-security.com Safran Identity & Security may, at any time and without notice, make changes or improvements to the products and services offered and/or cease producing or commercializing them